Is pev.exe a valid file?



#1 sgreen2

Posted 22 July 2009 - 11:40 PM

Hello, newbie here and I hope this isn't a time-wasting post. I fought an infection for the past several days on a laptop, but I finally beat it. In the process I believe one of my USB thumbdrives got infected. I have connected this thumbdrive on two different PCs since then and both of them have shown signs of infection. Running Malwarebytes and ComboFix, then Trend Micro's HouseCall, has them clean (I think). One thing that was common to both cleaning processes is that a message saying "pev.cfexe has encountered a problem and cannot continue running" popped up while ComboFix was running. I don't find that file anywhere, but I do find pev.exe on both PCs under c:\windows, and the create time is about the time I connected the USB drive on each respective PC.

Does anyone know if the file pev.exe is a valid file or if its presence poses a threat to my PCs?

The infection I was fighting seems to have many names, but the main symptom was a desktop image that said "YOUR SYSTEM IS INFECTED" and a paragraph about what to do about it. This image was named critical_warning.html and was found under c:\windows\system32.

Thanks in advance for any assistance!

#2 quietman7

  • Global Moderator
Posted 23 July 2009 - 08:37 AM

Since you indicate that you recently used Combofix...

Legitimate programs or specialized fix tools such as Combofix use certain embedded files as part of their routine when in use.

At times these files may be detected by anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or it can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. If the file has not been detected, then you can manually delete it or uninstall CF.

To remove ComboFix and all backups of files that it deleted:
  • Go to Start > Run and type or copy/paste in the run dialog box: Combofix /u
  • Press OK.
  • When shown the disclaimer, select "2"
  • This will delete ComboFix's related folders and files, reset your clock settings, hide file extensions/system files and reset System Restore.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
